This fixes an off-by-one in the ordering restriction check for exception
sections in a module. It also adds proper testing for exception handling
of indirect calls. This in turn adds a table section that triggers the
aforementioned bug.

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions,unittests/WasmModuleVerifyTest
BUG=v8:8091

Change-Id: Ie44ad4dee1b0c623f069fca7661c4282492b52d6
Reviewed-on: https://chromium-review.googlesource.com/1203993Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55615}

{go} sounds active, as if the state would be changed. {reached} sounds
like an accessor.

Drive-by: Make the accessor const to further clarify that this is just
an accessor.

R=titzer@chromium.org

Bug: v8:8015
Change-Id: I80d5223b9573345d3de386d68871a9e828621fc0
Reviewed-on: https://chromium-review.googlesource.com/1203992Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55614}

Since https://crrev.com/c/1112003, the memory size is stored as size_t
instead of uint32_t in order to support 4GB memories.
Loading it as uint32_t only works on little-endian systems, and only for
memory sizes <4GB. This CL fixes this to load and process the memory
size as pointer-sized value.
Additional platform-specific methods are added to perform a shift by a
constant value. This can be reused to improve the generated code for
other shifts.

R=titzer@chromium.org

Bug: v8:8130, v8:6600
Change-Id: Ifa688a3ed0e2809190571f24bdf47a7f53880b3d
Reviewed-on: https://chromium-review.googlesource.com/1203950
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55609}

R=clemensh@chromium.org

Change-Id: I6539bef4a0caa01bffaad85332c31681176c24d6
Reviewed-on: https://chromium-review.googlesource.com/1204110Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55607}

R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions
BUG=v8:8091

Change-Id: I866430e1f3d3e7b93001a4375a869f19de75e65e
Reviewed-on: https://chromium-review.googlesource.com/1203954Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55605}

This fixes exception creation (by the WebAssembly throw operation) so
that it is not observable by JavaScript. Internal properties are now
stored with symbol names instead of string names, which also prevents
them from being accessed or monkey-patched directly by JavaScript.

R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-8094
BUG=v8:8094

Change-Id: I33cb27f4373114cd4db28d9aef23560093e55242
Reviewed-on: https://chromium-review.googlesource.com/1203951
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55602}

WebAssembly.Instantiate would silently fail when the passed in memory
object did not have guard regions even though the compiled module assumes
so. This lead to an inconsitent state and a DCHECK error. Instead, now
throw a LinkError.

Change-Id: I68bab842bcc40d3325aea4b19979d80054ed407c
Reviewed-on: https://chromium-review.googlesource.com/1180892
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55601}

Bug: v8:8126

R=sattlerf@google.com
CC=jgruber@chromium.org, titzer@chromium.org

Change-Id: I32ec94fd913def346d1e783b2ffd0ec7d16e5df5
Reviewed-on: https://chromium-review.googlesource.com/1203730Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55600}

Change-Id: Ie18b39ab50d592c81de6dd2aa2d246191f758b5e
Reviewed-on: https://chromium-review.googlesource.com/1179670
Commit-Queue: Bogdan Lazarescu <bogdan.lazarescu@arm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55589}

R=titzer@chromium.org
TEST=mjsunit/wasm/anyref

Change-Id: Ia79c78038f6cc92f657ee1b48474323bde981155
Reviewed-on: https://chromium-review.googlesource.com/1201784Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55583}

This CL fixes a bug where the receiving instance was updated improperly
in the dispatch table(s) of an imported table.

BUG=chromium:875322
R=mstarzinger@chromium.org

Change-Id: Ib5af238a0847bf332a12863523e897f59f137c1d
Reviewed-on: https://chromium-review.googlesource.com/1196886Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55534}

This adds experimental support for an 'except_ref' value type for caught
exceptions as per the exception handling proposal. In the current for it
is only allowed to have such types in the stack or in a local, support
for having it as part of any signature was left out.

The default value for a local of type 'except_ref' is the 'ref_null'
value for now. Since this value cannot escape a wasm function, the
concrete value is not actually observable.

R=ahaas@chromium.org
TEST=unittests/LocalDeclDecoderTest.ExceptRef,mjsunit/wasm/exceptions
BUG=v8:8091

Change-Id: I7bd65274327a833262f8749cbe0e24e737f6e0c1
Reviewed-on: https://chromium-review.googlesource.com/1196510Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55526}

This removes the thread-local field in question. This side-channel for
the "caught exception" is not needed, we can just explicitly pass the
exception value to all support functions. Also, there is an inherent
problem with having this side-channel, as it will not be properly reset
when an exception handler ends up not rethrowing the exception.

R=ahaas@chromium.org
BUG=v8:8097

Change-Id: I2fdaff89f0eb318ce5a33bf56513165185547c1b
Reviewed-on: https://chromium-review.googlesource.com/1194063Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55517}

Minor cleanup moving some types to more meaningful headers.

Bug: v8:8015
Change-Id: I99e428529f0b2d967a3c67385c80001bb0df19fa
Reviewed-on: https://chromium-review.googlesource.com/1195506Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55511}

This makes sure that direct and indirect calls get proper {IfException}
projections attached to them if they appear within a try-block. It also
re-enables most of the corresponding test cases for this.

R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions
BUG=v8:8091

Change-Id: I111634759651ed47f76850e80c8754751310001b
Reviewed-on: https://chromium-review.googlesource.com/1195365
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55483}

This CL makes the names of tracing flags related to WASM consistent
with the rest of V8 tracing flags.

R=ahaas@chromium.org

Change-Id: I871fb7b5e27ff7b8f587e08507d15c0719881990
Reviewed-on: https://chromium-review.googlesource.com/1193182
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55479}

R=ahaas@chromium.org

Change-Id: I904de575c8c049de64111c12b940c48a50090668
Reviewed-on: https://chromium-review.googlesource.com/1186338
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55424}

R=ahaas@chromium.org
BUG=v8:8091

Change-Id: I648e5a957e02d32e51c94175a6596801ca5ebd9e
Reviewed-on: https://chromium-review.googlesource.com/1188310
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55398}

This is a reland of 524215be

Original change's description:
> Use new arraybuffer deleter interface in d8
> 
> With this cl we start using the custom deleter to free externalized
> array buffers. This also allows us to keep wasm memories registered
> with the wasm memory tracker and thereby to propagate that a memory
> is wasm allocated over postMessage calls.
> 
> Bug: v8:8073, chromium:836800
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
> Reviewed-on: https://chromium-review.googlesource.com/1186681
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55361}

Bug: v8:8073, chromium:836800
Change-Id: Ia3c057ced496363cfdd07eed16ed1d0c7a3f3084
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1188222Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55389}

In LiftoffCompiler::EmitTypeConversion() there is a DCHECK_EQ() where
one argument is implicitly converted to bool. This confuses MSVC, which
causes it to think the two arguments to DCHECK_EQ() do not have the same
type. Fix this with an explicit bool conversion!!

This does not affect the "v8_win64_msvc_compile_rel" bot, presumably
because it is a release bot with DCHECKs turned off.

Change-Id: I602ddae7a970e17388730e895eafd4ec78de7602
Reviewed-on: https://chromium-review.googlesource.com/1187702Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55381}

This reverts commit 524215be.

Reason for revert: Breaks cfi:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20-%20cfi/16422

Original change's description:
> Use new arraybuffer deleter interface in d8
> 
> With this cl we start using the custom deleter to free externalized
> array buffers. This also allows us to keep wasm memories registered
> with the wasm memory tracker and thereby to propagate that a memory
> is wasm allocated over postMessage calls.
> 
> Bug: v8:8073, chromium:836800
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
> Reviewed-on: https://chromium-review.googlesource.com/1186681
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Stephan Herhut <herhut@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55361}

TBR=mstarzinger@chromium.org,herhut@chromium.org

Change-Id: I64c4e76d8d68bad8df4ba3297c099b9b44eabc7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8073, chromium:836800
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1187241Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55366}

This is a reland of b10a967f

Original change's description:
> [wasm] Add feature counter for threads and shared memory
> 
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
> 
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
> 
> R=ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
> 
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}

Bug: chromium:868844
Change-Id: Iac3a38d80fa71aadd7147704669a8fd671ecfae8
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186343
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55363}

With this cl we start using the custom deleter to free externalized
array buffers. This also allows us to keep wasm memories registered
with the wasm memory tracker and thereby to propagate that a memory
is wasm allocated over postMessage calls.

Bug: v8:8073, chromium:836800
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I57e3ea44d9c6633ada7996677dd1de4da810ab64
Reviewed-on: https://chromium-review.googlesource.com/1186681Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55361}

Change-Id: I0870a13fd257e014a3b6dca8ee7ccb3aa5485066
Reviewed-on: https://chromium-review.googlesource.com/1183525Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55359}

Currently, we use an AllocationKind to signal to the embedder how v8
has allocated the backingstore of an array buffer. The embedder then has
to implement matching logic to free an exernalized buffer. By Using
custom deleters v8 can communicate how to free an externalized array
buffer without requiring all embedders to implement corresponding
freeing logic.

Bug: v8:8073
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I553dec31ba167d6a7b342ded50d685be7dffd1c5
Reviewed-on: https://chromium-review.googlesource.com/1183484
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55347}

This reverts commit b10a967f.

Reason for revert: Breaks a TSAN bot - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/22122

Original change's description:
> [wasm] Add feature counter for threads and shared memory
> 
> This adds a feature counter for WASM shared memory (i.e. the presence
> of the "shared" bit in a WASM module's memory section) and the usage
> of WASM threads opcodes (i.e. wake/wait and atomics).
> 
> This CL also plumbs the WasmFeatures through the compilation pipeline
> to detect features as functions are being compiled.
> 
> R=​ahaas@chromium.org, ulan@chromium.org
> BUG=chromium:868844
> 
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
> Reviewed-on: https://chromium-review.googlesource.com/1186329
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55337}

TBR=ulan@chromium.org,titzer@chromium.org,ahaas@chromium.org

Change-Id: Id011b6707b3359598621b315b87171644132b0ab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:868844
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1186421Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55340}

This adds a feature counter for WASM shared memory (i.e. the presence
of the "shared" bit in a WASM module's memory section) and the usage
of WASM threads opcodes (i.e. wake/wait and atomics).

This CL also plumbs the WasmFeatures through the compilation pipeline
to detect features as functions are being compiled.

R=ahaas@chromium.org, ulan@chromium.org
BUG=chromium:868844

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I854f932d3adb16e4fd87196fe2a193950295b856
Reviewed-on: https://chromium-review.googlesource.com/1186329Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55337}

Some builtins, so-called wasm runtime stubs, are copied off-heap to
ensure reachability through near jumps. These builtins must be
individually position-independent. In particular, they may not contain
pc-relative calls to other builtins.

Drive-by: Set hard_abort mode for all wasm runtime stubs to avoid Abort
calls.

Bug: v8:6666
Change-Id: Ie5bc9fc539d6a043dcf7dff66c3b4643baec69ab
Reviewed-on: https://chromium-review.googlesource.com/1183236
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55296}

R=mstarzinger@chromium.org

Change-Id: Iacdff28dd1383d77d7708de4ee22d9f2a77d872a
Reviewed-on: https://chromium-review.googlesource.com/1183440
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55284}

R=ahaas@chromium.org

Change-Id: I92d6e7fc41c9cbb3792a66c9ea8996efe1c8d87d
Reviewed-on: https://chromium-review.googlesource.com/1183434Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55276}

TEST=wasm-spec-tests/tests/exports,wasm-spec-tests/tests/data

Change-Id: I5c1001b00f2a7eab41e6e143afa19803969c0fe4
Reviewed-on: https://chromium-review.googlesource.com/1181022Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55274}

R=titzer@chromium.org

Change-Id: If459225345f8a94eb566334e15331f7741c952d4
Reviewed-on: https://chromium-review.googlesource.com/1183103
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55271}

R=titzer@chromium.org

Bug: chromium:868844
Change-Id: Ib96416dc6ae36e024e90187944f2e9ca92e8b83b
Reviewed-on: https://chromium-review.googlesource.com/1183200Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55262}

This is a reland of 5c309271
(the CL was reverted because of a Chromium test that is now fixed)

Original change's description:
> Reland "[asmjs] Properly validate asm.js heap sizes"
>
> This is a reland of 5d69010e
>
> Original change's description:
> > [asmjs] Properly validate asm.js heap sizes
> >
> > Enforce both engine limitations and spec (http://asmjs.org/spec/latest/)
> > limitations on the size of asm.js heaps.
> >
> > R=clemensh@chromium.org
> > CC=​mstarzinger@chromium.org
> >
> > Bug: chromium:873600
> > Change-Id: I104c23bbd0a9a7c494f97f8f9e83ac5a37496dfd
> > Reviewed-on: https://chromium-review.googlesource.com/1174411
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55163}
>
> Bug: chromium:873600
> Change-Id: Id24070bda3aafb9e1a32af0732a1b18f633ef932
> Reviewed-on: https://chromium-review.googlesource.com/1179681
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55193}

Bug: chromium:873600
Change-Id: I6eca2a89589070837b109278f964fc8e9a0fd6f1
Reviewed-on: https://chromium-review.googlesource.com/1183081Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55249}

This reverts commit 5c309271.

Reason for revert: Broke fast/workers/worker-shared-asm-buffer.html

Original change's description:
> Reland "[asmjs] Properly validate asm.js heap sizes"
>
> This is a reland of 5d69010e
>
> Original change's description:
> > [asmjs] Properly validate asm.js heap sizes
> >
> > Enforce both engine limitations and spec (http://asmjs.org/spec/latest/)
> > limitations on the size of asm.js heaps.
> >
> > R=clemensh@chromium.org
> > CC=​mstarzinger@chromium.org
> >
> > Bug: chromium:873600
> > Change-Id: I104c23bbd0a9a7c494f97f8f9e83ac5a37496dfd
> > Reviewed-on: https://chromium-review.googlesource.com/1174411
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55163}
>
> Bug: chromium:873600
> Change-Id: Id24070bda3aafb9e1a32af0732a1b18f633ef932
> Reviewed-on: https://chromium-review.googlesource.com/1179681
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55193}

TBR=mstarzinger@chromium.org,titzer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:873600
Change-Id: I5845c584c7ac399b9b7939f5fd50c09b7b2cc3d2
Reviewed-on: https://chromium-review.googlesource.com/1182616
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55242}

This makes sure that debug info and interpreter handle are created
lazily, even when interpretation is triggered by a different Isolate
sharing the same WasmEngine (and hence the native module).

R=titzer@chromium.org
TEST=mjsunit/wasm/worker-interpreter
BUG=v8:7424

Change-Id: Iba17e207a537007fd2e642cede22dad7a708c6c7
Reviewed-on: https://chromium-review.googlesource.com/1181045
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55220}

Off-heap trampolines (short trampolines that jump to .text-embedded
builtin instruction streams) should contain exactly one OFF_HEAP_TARGET
reloc entry.

When AddAnonymousCode is called on such a trampoline, it copies the
(off-heap) *instruction stream* and thus should never perform any
relocations using the *trampoline's* RelocInfo.

Bug: v8:6666
Change-Id: I09a11344fb7e62d759c4c943712e7d4e91199130
Reviewed-on: https://chromium-review.googlesource.com/1179671Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55214}

R=titzer@chromium.org

Bug: chromium:875556
Change-Id: I989dbaaec1eac3b7d0c761f25efec043cdeb9d71
Reviewed-on: https://chromium-review.googlesource.com/1180964Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55212}

This makes sure that a tier-up from Ignition to TurboFan (or any other
code publishing) preserves redirections to the Interpreter. Currently an
interpreted function never switches back to compiled.

R=titzer@chromium.org
TEST=mjsunit/wasm/interpreter-mixed
BUG=v8:7921,v8:8018

Change-Id: Ifca479953509708c998c11cc00b481c232678e00
Reviewed-on: https://chromium-review.googlesource.com/1179661
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55195}

This is a reland of 5d69010e

Original change's description:
> [asmjs] Properly validate asm.js heap sizes
> 
> Enforce both engine limitations and spec (http://asmjs.org/spec/latest/)
> limitations on the size of asm.js heaps.
> 
> R=clemensh@chromium.org
> CC=​mstarzinger@chromium.org
> 
> Bug: chromium:873600
> Change-Id: I104c23bbd0a9a7c494f97f8f9e83ac5a37496dfd
> Reviewed-on: https://chromium-review.googlesource.com/1174411
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55163}

Bug: chromium:873600
Change-Id: Id24070bda3aafb9e1a32af0732a1b18f633ef932
Reviewed-on: https://chromium-review.googlesource.com/1179681
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55193}